Yan Chen,Adam Bargteil,David Bindel,Randy H. Katz,John Kubiatowicz

DOI: https://doi.org/10.1007/3-540-45600-7_37

2001-01-01

Abstract:Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication, making it desirable to measure the resilience of systems to DoS attacks. In this paper, we propose a simulation-based methodology and apply it to attacks on object location services such as DNS. Our results allow us to contrast the DoS resilience of three distinct architectures for object location.

Xiuzhen Chen,Shenghong Li,Jin Ma,Jianhua Li

DOI: https://doi.org/10.1109/csae.2011.5953208

2011-01-01

Abstract:With increasing denial of service attacks on network infrastructure, there is an urgent need to develop technique to assess the threat of attacks on network security online. A novel model of security threat assessment relying on several predefined metrics of network performance is proposed to measure the impact of denial of service attacks on service availability in real time. This model applies the technique of D-S evidence reasoning to fuse three metrics of network performance, which are designed carefully to reflect the reliability of service availability in three perspectives. Our approach includes three steps: determining performance parameters, calculating threat index and characterizing the threat state of service availability. Compared with other methods, this method avoids the unilateral result obtained from single sensor, helps administrators to determine security threat state, and provides threat evolution of service availability over time. Testing in a real network environment shows that this method greatly improves the accuracy of threat assessment, demonstrates the impact of denial of service attacks on network security is different from the beginning to the end of DoS attacks, and provides administrators with threat evolution picture macroscopically. Moreover, it lays the foundation for administrators to adopt security response policies in real time for reliable and robust network.

Haiding Tang,Zhouzheng Lu,Lifu Zhang,Yang Chen,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/etfa.2015.7301498

2015-01-01

Abstract:Recently, the industrial wireless protocols have been widely used around the world. However, the unreliable communication media between the sensors and the central controller renders the wireless signal channel vulnerable to many attacks. Various efforts have been devoted to study the influence of specific malicious attacks from the aspect of theoretical investigation based on different assumptions. This paper focuses on verifying the optimal Denial-of-Service (DoS) jamming attack strategy on a class of wireless industrial control system from the view of experiments. We first introduce typical control system model and DoS attack model, and an optimal DoS attack schedule against LQG control based on these models. Then, we establish a semi-physical security testbed which consists of virtual plant, physical controller and communication process. We also realize wireless DoS attacks by exploiting the USRP device. Through extensive experiments and analysis, we investigate the performance of different DoS attack strategies on the LQG control system over an inverted pendulum.

WEI Wei,DONG Ya-bo,LU Dong-ming,JIN Guang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.05.007

2008-01-01

Abstract:Low rate TCP-targeted denial of service(DoS) attack makes use of time-out and retransmission mechanism in transmission control protocol(TCP) and could severely decrease the throughput of legitimate TCP traffic.With its attacking traffic pattern,obvious difference was found between the power spectrum density(PSD) of legitimate and attack traffic samples.The statistical characteristic of this difference in history data was analyzed,and a detection method using the summation of low frequency was proposed.Meanwhile,based on the methods of leak bucket and the increasing of routing buffer,a response method was provided,which uses leak bucket periodically for smoothing the flow and uses buffer for holding extra traffic to send in next period,and its reasonable resource requirement was proved.Simulations show that for more general attack scenarios than the existing methods,the detection method has very low positive and negative false ratio,and the response method can depress attack flows more effectively than the previous methods and maintain the legitimate throughput in a normal level while the previous methods failed.

Yin Qin,Xue Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.12.055

2006-01-01

Abstract:DDoS attacks in the Internet have produced new challenges to network and system security. Many mecha- nisms have been designed to address this problem in recent years. This paper surveys these techniques and analyses them.

Yang Wang,Chuang Lin,Quan-Lin Li,Yuguang Fang

DOI: https://doi.org/10.1016/j.comnet.2007.02.011

IF: 5.493

2007-01-01

Computer Networks

Abstract:In most network security analysis, researchers mainly focus on qualitative studies on security schemes and possible attacks, and there are few papers on quantitative analysis in the current literature. In this paper, we propose one queueing model for the evaluation of the denial of service (DoS) attacks in computer networks. The network under DoS attacks is characterized by a two-dimensional embedded Markov chain model. With this model, we can develop a memory-efficient algorithm for finding the stationary probability distribution which can be used to find other interesting performance metrics such as the connection loss probability and buffer occupancy percentages of half-open connections for regular traffic and attack traffic. Different from previous works in the literature, this paper gives a more general analytical approach to the study of security measures of a computer network under DoS attacks. We hope that our approach opens a new avenue to the quantitative evaluation of more complicated security schemes in computer networks.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Lei Shi,Qingchen Liu,Jinliang Shao,Yuhua Cheng

DOI: https://doi.org/10.1109/LCSYS.2020.3003789

2020-06-26

Abstract:In this paper, we study the problem of localizing the sensors' positions in presence of denial-of-service (DoS) attacks. We consider a general attack model, in which the attacker action is only constrained through the frequency and duration of DoS attacks. We propose a distributed iterative localization algorithm with an abandonment strategy based on the barycentric coordinate of a sensor with respect to its neighbors, which is computed through relative distance measurements. In particular, if a sensor's communication links for receiving its neighbors' information lose packets due to DoS attacks, then the sensor abandons the location estimation. When the attacker launches DoS attacks, the AS-DILOC algorithm is proved theoretically to be able to accurately locate the sensors regardless of the attack strategy at each time. The effectiveness of the proposed algorithm is demonstrated through simulation examples.

Systems and Control

Di Wu,Jie Li,Sajal K. Das,Jinsong Wu,Yusheng Ji,Zhetao Li

DOI: https://doi.org/10.1109/icc.2018.8422448

2018-01-01

Abstract:Software-Defined networking (SDN), as a new paradigm, fixes the shortage that traditional network does not support the dynamic, scalable computing and storage needs of more computing environments. SDN, however, also faces security problems such as vulnerable to DDoS attacks. DDoS attacks are well-known and powerful attacks. DDoS detection and DDoS traffic separation for SDN environments are still an open research issue. DDoS attacks in SDN environments will not only bring damage to target server, but also takes exact impact on SDN system. In this paper, we identify a new type DDoS attack, specifically aiming SDN environment, which is harder to be detected. We propose a novel real-time DDoS detection scheme for SDN environment, by using Principal Component Analysis (PCA) scheme to analyze the network status on traffic packets data. We separate the network into different parts, to reduce the total calculation burden. We compare our scheme with sample entropy, showed our scheme achieves better detecting ability for DDoS attacks.

XU Xiaoqiong,YU Hongfang,YANG Kun

DOI: https://doi.org/10.3969/j.issn.1673-5188.2017.03.003

2019-01-01

Abstract:Distributed Denial of Service（DDoS） attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking（SDN） offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

Yifan Sun,Jianquan Lu,Daniel W. C. Ho,Lulu Li

2024-11-04

Abstract:In this paper, we develop a new denial-of-service (DoS) estimator, enabling defenders to identify duration and frequency parameters of any DoS attacker, except for three edge cases, exclusively using real-time data. The key advantage of the estimator lies in its capability to facilitate security control in a wide range of practical scenarios, even when the attacker's information is previously unknown. We demonstrate the advantage and application of our new estimator in the context of two classical control scenarios, namely consensus of multi-agent systems and impulsive stabilization of nonlinear systems, for illustration.

Systems and Control,Optimization and Control

Ying Zhang,Cailian Chen,Jianping He

DOI: https://doi.org/10.1109/CAC48633.2019.8997270

2019-01-01

Abstract:Shared network is significant for networked control system with the increasing number of sensors and actuators. Such sharing is challenging not only because it needs to guarantee the control performance, but induces some security problems. Among the known cyber attacks, Denial of Service (DoS) attack is an easy and effective attack method. We discover two patterns of DoS attack resulting in different consequences. One is that the attacker hides through the way of not changing the probability of successful decoding, but increasing the transmission energy cost; the other is both the control and communication cost are increased because of the changed probability of successful decoding with the injection of the attacker. To analyze the cost of the two attack patterns, we establish a control and communication cost function. Then, we analyze the cost changes of the system with this cost function.

Jasmeen Kaur Chahal,Abhinav Bhandari,Sunny Behal

DOI: https://doi.org/10.1080/13614576.2019.1611468

2019-01-02

New Review of Information Networking

Abstract:In today's cyber world, the Internet has become a vital resource for providing a plethora of services. Unavailability of these services due to any reason leads to huge financial implications or even consequences on society. Distributed Denial of Service (DDoS) attacks have emerged as one of the most serious threats to the Internet whose aim is to completely deny the availability of different Internet based services to legitimate users. The attackers compromise a large number of Internet enabled devices and gain malicious control over them by exploiting their vulnerabilities. Simplicity of launching, traffic variety, IP spoofing, high volume traffic, involvement of numerous agent machines, and weak spots in Internet topology are important characteristics of DDoS attacks and makes its defense very challenging. This article provides a survey with the enhanced taxonomies of DDoS attacks and defense mechanisms. Additionally, we describe the timeline of DDoS attacks to date and attempt to discuss its impact according to various motivations. We highlighted the general issues, challenges, and current trends of DDoS attack technology. The aim of the article is to provide complete knowledge of DDoS attacks and defense mechanisms to the research community. This will, in turn, help to develop a powerful, effective, and efficient defense mechanism by filling the various research gaps addressed in already proposed defense mechanisms.

Qian Wang,Timothy Dunlap,Youngho Cho,Gang Qu

DOI: https://doi.org/10.1109/wocc.2017.7928974

2017-01-01

Abstract:Denial of service (DoS) attacks have been one of the major network security problems over the last decades. DoS attacks can usually be mounted on hardware devices such as routers and firewalls to send spoofing messages to the target network. Thus, methods for defeating such DoS attacks are highly related to the vulnerabilities in the hardware devices. In this paper, we investigate the potential attacks specific to the hardware infrastructure of the network and also categorize the countermeasures against DoS attacks that can be implemented on hardware devices. Moreover, we analyze the advantages of the emerging silicon physical unclonable functions and discuss the potential of integrating them into authentication methods in order to defend against DoS attacks.

Anindya Basu,Indrani Kar

2023-06-08

Abstract:Over the past decades, interest in enhancing the safety of cyber-physical systems (CPSs) has risen. The systems and control research society has recognised that the embedded closed-loop in integrated systems may be damaged if attackers can execute a successful malicious attack. This article examines the resilient control problem for CPSs with numerous transmission channels under Denial-of-Service (DoS). First, a partial observer technique is developed in response to the Multi-Channel DoS (MCDoS) condition. The changing frequency of MCDoS is characterized while maintaining the Global Asymptotic Stability (GAS) of the closed loop system. The partial observer is modified then to reduce the effect of the changing frequency of MCDoS in the system. Then a resilient event-based feedback control scheme is developed to address the Full-Scale DoS (FSDoS). We depict the changing frequency of MCDoS and the frequency and duration of FSDoS, allowing the feedback system's Global Asymptotic Stability (GAS) to be maintained. We regard event-based controllers for which a minimal inter-sample time is precisely formulated in response to the existence of digital channels.

Systems and Control

Qing-tao WU,You-gen ZHANG,Zhi-qing SHAO

DOI: https://doi.org/10.3969/j.issn.1006-3080.2006.05.019

2006-01-01

Abstract:Distributed Denial-of-Service (DDoS) attacks are a major threat to availability of computer networks. In this paper, a novel scheme for early detection of DDoS attacks is proposed, which is involved with probability distributions of normal behavior on computer networks and DDoS attacks detection model. The scheme employed statistical analysis of data from network connections to generate the probability distributions of normal network connections. Based on the probability distributions, DDoS attacks detection model is presented. The feasibility of the scheme is validated through the simulated test. The experimental results show the effectiveness of our scheme in detecting DDoS attacks. Also, this scheme provides some direction significance for other network security detection research.

Peng Zhang,Huanzhao Wang,Chengchen Hu,Chuang Lin

DOI: https://doi.org/10.1109/mnet.2016.1600109nm

IF: 10.294

2016-01-01

IEEE Network

Abstract:Software defined networking greatly simplifies network management by decoupling control functions from the network data plane. However, such a decoupling also opens SDN to various denial of service attacks: an adversary can easily exhaust network resources by flooding short-lived spoofed flows. Toward this issue, we present a comprehensive study of DoS attacks in SDN, and propose multi-layer fair queueing (MLFQ), a simple but effective DoS mitigation method. MLFQ enforces fair sharing of an SDN controller's resources with multiple layers of queues, which can dynamically expand and aggregate according to controller load. Both testbed-based and emulation-based experiments demonstrate the effectiveness of MLFQ in mitigating DoS attacks targeted at SDN controllers.

Muhui Jiang,Chenxu Wang,Xiapu Luo,MiuTung Miu,Ting Chen

DOI: https://doi.org/10.1109/ICWS.2017.58

2017-01-01

Abstract:Distributed Denial of Service (DDoS) attacks are still among the most urgent threats to the modern Internet. Recently, application layer DDoS attacks against web servers are becoming popular, resulting in great revenue losses to victims. A systematic evaluation on the impacts of different DDoS attack methods is vital for the protection of web servers. In this paper, we examine the impacts of application layer DDoS attacks, including existing attacks against HTTP/1.1 and the new attacks proposed by us against HTTP/2.0. Moreover, to better understand attackers' capabilities of launching severe application layer DDoS attacks, we design a new measurement method to remotely infer the performance of web servers and a method to differentiate dynamic and static URLs. We have collected and tailored 4 existing tools to launch 5 different DDoS attacks against HTTP/1.1 and developed a new DDoS tool to perform 5 different DDoS attacks against HTTP/2.0. By conducting extensive experiments in a testbed with two e-commercial websites running Apache and Nginx, we carefully evaluate the impacts of different DDoS attacks. The results show that the new remote measurement method is able to detect the effects caused by different DDoS attacks. Moreover, the attack impacts are affected by URLs, server architectures, and attack methods.

Zhen Cao,Zhi Guan,Zhong Chen,Jian-Bin Hu,Li-Yong Tang

DOI: https://doi.org/10.1007/s11390-010-9330-4

2010-01-01

Abstract:Denial-of-Service (DoS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the “Value-at-Risk” (VaR) for the security protocols. The “Value-at-Risk” represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.

Shibo Luo,Jun Wu,Jianhua Li,Bei Pei

DOI: https://doi.org/10.1109/FCST.2015.11

2015-01-01

Abstract:Distributed Denial of Service (DDoS) attack is a major threat to Internet based killer applications, such as independent news web sites, e-business and online games. Detecting and blocking such clever attacks has become difficult. Software-Defined Networks (SDN) has emerged as a future communication network architecture which decouples network control and forwarding. It has some particular features such as central control and programmability to combat against DDoS attack. In this paper, we survey DDoS attacks and existing defense mechanisms, and draw a conclusion of the needs of defense mechanism for successful combating against DDoS. Then, we analyze the particular features of SDN and conclude it is conducive to countermeasure DDoS attack. According the analysis, we construct a defense mechanism for DDoS in SDN. At last, we illustrate how this mechanism could combat against DDoS attacks through a working example.